
SAA-C02 Exam Dumps - AWS Certified Solutions Architect - Associate (SAA-C02)

Question # 4

A company allows its developers to attach existing IAM policies to existing IAM roles to enable faster experimentation and agility. However, the security operations team is concerned that the developers could attach the existing administrator policy, which would allow the developers to circumvent any other security policies.

How should a solution architect address this issue?

A.

Create an Amazon SNS topic to send an alert every time a developer creates a new policy.

B.

Use service control policies to disable IAM across all accounts in the organizational unit.

C.

Prevent the developers from attaching any policies and duties to the security operations team.

D.

Set an IAM permission boundary on the developer IAM role that explicitly denies attaching the administrator policy.

Question # 5

A company is using a VPC peering strategy to connect its VPCs in a single Region to allow for cross-communication. A recent increase in account creations and VPCs has made it difficult to maintain the VPC peering strategy, and the company expects to grow to hundreds of VPCs. There are also new requests to create site-to-site VPNs for some of the VPCs. A solution architect has been tasked with creating a centrally managed networking setup for multiple accounts, VPCs, and VPNs.

Which networking solution meets these requirements?

A.

Configure shared VPCs and VPNs and share to each other.

B.

Configure a hub-and-spoke VPC and route all traffic through VPC peering.

C.

Configure an AWS Direct Connect connection between all VPCs and VPNs.

D.

Configure a transit gateway with Transit Gateway and connect all VPCs and VPNs.

Question # 6

A company runs an online marketplace web application on AWS. The application serves hundreds of thousands of users during peak hours. The company needs a scalable, near-real-time solution to share the details of millions of financial transactions with several other internal applications. Transactions also need to be processed to remove sensitive data before being stored in a document database for low-latency retrieval.

What should a solutions architect recommend to meet these requirements?

A.

Store the transactions data into Amazon DynamoDB. Set up a rule in DynamoDB to remove sensitive data from every transaction upon write. Use DynamoDB Streams to share the transactions data with other applications.

B.

Stream the transactions data into Amazon Kinesis Data Firehose to store data in Amazon DynamoDB and Amazon S3. Use AWS Lambda integration with Kinesis Data Firehose to remove sensitive data. Other applications can consume the data stored in Amazon S3.

C.

Stream the transactions data into Amazon Kinesis Data Streams. Use AWS Lambda integration to remove sensitive data from every transaction and then store the transactions data in Amazon DynamoDB. Other applications can consume the transactions data off the Kinesis data stream.

D.

Store the batched transactions data in Amazon S3 as files. Use AWS Lambda to process every file and remove sensitive data before updating the files in Amazon S3. The Lambda function then stores the data in Amazon DynamoDB. Other applications can consume transaction files stored in Amazon S3.

Question # 7

A company has a corporate network on premises and has three VPCs in the AWS Cloud. The company has one VPC each for development, test, and production. The company wants its system administrators to securely gain remote command-line access from the corporate network to Amazon EC2 instances in the VPCs.

Which solution meets these requirements MOST cost-effectively?

A.

Set up a VPN connection between the corporate network and each of the three VPCs by using AWS VPN. Use Remote Desktop Protocol (RDP) or SSH over the VPN connection to access the EC2 instances remotely.

B.

Configure the EC2 instances to use an instance profile that trusts AWS Systems Manager. Use Systems Manager Session Manager to gain console access to the EC2 instances.

C.

Create a new VPC. Purchase and install a virtual router from AWS Marketplace. Establish a VPN connection from the corporate network to this router. Establish another VPN connection from the router to the other three VPCs. Use Remote Desktop Protocol (RDP) or SSH over the VPN connection to access the EC2 instances remotely.

D.

Create a new VPC. Establish a VPN connection to the new VPC. Configure peering connections between the new VPC and the existing VPCs. In the new VPC, create an EC2 bastion host to serve as a jump box to EC2 instances in the other VPCs. Use Remote Desktop Protocol (RDP) or SSH over the VPN connection to the bastion host.

Question # 8

A company wants to monitor its AWS costs for financial review. The cloud operations team is designing an architecture in the AWS Organizations management account to query AWS Cost and Usage Reports for all member accounts. The team must run this query once a month and provide a detailed analysis of the bill.

Which solution is the MOST scalable and cost-effective way to meet these requirements?

A.

Enable Cost and Usage Reports in the management account. Deliver reports to Amazon Kinesis. Use Amazon EMR for analysis.

B.

Enable Cost and Usage Reports in the management account. Deliver the reports to Amazon S3. Use Amazon Athena for analysis.

C.

Enable Cost and Usage Reports for member accounts. Deliver the reports to Amazon S3. Use Amazon Redshift for analysis.

D.

Enable Cost and Usage Reports for member accounts. Deliver the reports to Amazon Kinesis. Use Amazon QuickSight for analysis.

Question # 9

A company is running a media store across multiple Amazon EC2 instances distributed across multiple Availability Zones in a single VPC. The company wants a high-performing solution to share data between all the EC2 instances, and prefers to keep the data within the VPC only.

What should a solutions architect recommend?

A.

Create an Amazon S3 bucket and call the service APIs from each instance's application.

B.

Create an Amazon S3 bucket and configure all instances to access it as a mounted volume

C.

Configure an Amazon Elastic Block Store (Amazon EBS) volume and mount it across all instances.

D.

Configure an Amazon Elastic File System (Amazon EFS) file system and mount it across all instances.

Question # 10

A solutions architect needs to design a system to store client case files. The files are core company assets and are important. The number of files will grow over time. The files must be simultaneously accessible from multiple application servers that run on Amazon EC2 instances. The solution must have built-in redundancy. Which solution meets these requirements?

A.

Amazon Elastic File System (Amazon EFS)

B.

Amazon Elastic Block Store (Amazon EBS)

C.

Amazon S3 Glacier Deep Archive

D.

AWS Backup

Question # 11

A development team stores its Amazon RDS MySQL DB instance user name and password credentials in a configuration file. The configuration file is stored as plaintext on the root device volume of the team's Amazon EC2 instance. When the team's application needs to reach the database, it reads the file and loads the credentials into the code. The team has modified the permissions of the configuration file so that only the application can read its content. A solutions architect must design a more secure solution.

What should the solutions architect do to meet this requirement?

A.

Store the configuration file in Amazon S3. Grant the application access to read the configuration file.

B.

Create an IAM role with permission to access the database. Attach this IAM role to the EC2 instance.

C.

Enable SSL connections on the database instance Alter the database user to require SSL when logging in.

D.

Move the configuration file to an EC2 instance store, and create an Amazon Machine Image (AMI) of the instance. Launch new instances from this AMI.

Question # 12

A company is running a critical business application on an Amazon EC2 instance. The EC2 instance is hosting an Apache web server and a MySQL database server. The application serves static content and dynamic content to end users. The application is experiencing severe availability issues because of heavy user demand. The company needs a solution that resolves the availability issues with the least operational effort and the least change to the application.

What should a solutions architect do to meet these requirements?

A.

Deploy the application and the web server on AWS Fargate. Use a Network Load Balancer to route traffic. Migrate the database to Amazon DynamoDB.

B.

Create an Amazon Machine Image (AMI) from the current EC2 instance. Create an Auto Scaling group to provide more capacity as needed. Use a Network Load Balancer to route traffic.

C.

Host static content on Amazon S3. Deploy the application and the web server on AWS Fargate. Use an Application Load Balancer to route traffic. Migrate the database to Amazon Aurora Serverless.

D.

Host static content on Amazon S3. Deploy the application on EC2 instances that are configured in an Auto Scaling group. Use an Application Load Balancer to route traffic. Migrate the database to Amazon DynamoDB.

Question # 13

A company is building an application that consists of several microservices. The company has decided to use container technologies to deploy its software on AWS. The company needs a solution that minimizes the amount of ongoing effort for maintenance and scaling. The company cannot manage additional infrastructure.

Which combination of actions should a solutions architect take to meet these requirements? (Select TWO.)

A.

Deploy an Amazon Elastic Container Service (Amazon ECS) cluster

B.

Deploy the Kubernetes control plane on Amazon EC2 instances that span multiple Availability Zones

C.

Deploy an Amazon Elastic Container Service (Amazon ECS) service with an Amazon EC2 launch type. Specify a desired task number level of greater than or equal to 2.

D.

Deploy an Amazon Elastic Container Service (Amazon ECS) service with a Fargate launch type. Specify a desired task number level of greater than or equal to 2.

E.

Deploy Kubernetes worker nodes on Amazon EC2 instances that span multiple Availability Zones. Create a deployment that specifies two or more replicas for each microservice.

Question # 14

A company is seeing access requests by some suspicious IP addresses. The security team discovers the requests are from different IP addresses under the same CIDR range.

What should a solutions architect recommend to the team?

A.

Add a rule in the inbound table of the security group to deny the traffic from that CIDR range

B.

Add a rule in the outbound table of the security group to deny the traffic from that CIDR range

C.

Add a deny rule in the inbound table of the network ACL with a lower rule number than other rules

D.

Add a deny rule in the outbound table of the network ACL with a lower rule number than other rules

Question # 15

The financial application at a company stores monthly reports in an Amazon S3 bucket. The vice president of finance has mandated that all access to these reports be logged and that any modifications to the log files be detected.

Which actions can a solutions architect take to meet these requirements?

A.

Use S3 server access logging on the bucket that houses the reports with the read and write data events and log file validation options enabled

B.

Use S3 server access logging on the bucket that houses the reports with the read and write management events and log file validation options enabled

C.

Use AWS CloudTrail to create a new trail. Configure the trail to log read and write data events on the S3 bucket that houses the reports. Log these events to a new bucket, and enable log file validation.

D.

Use AWS CloudTrail to create a new trail. Configure the trail to log read and write management events on the S3 bucket that houses the reports. Log these events to a new bucket, and enable log file validation.

Question # 16

A company is planning to deploy a business-critical application in the AWS Cloud. The application requires durable storage with consistent, low-latency performance

Which type of storage should a solutions architect recommend to meet these requirements?

A.

Instance store volume

B.

Amazon ElastiCache for Memcached cluster

C.

Provisioned IOPS SSD Amazon Elastic Block Store (Amazon EBS) volume

D.

Throughput Optimized HDD Amazon Elastic Block Store (Amazon EBS) volume

Question # 17

A company is preparing to deploy a data lake on AWS. A solutions architect must define the encryption strategy for data at rest in Amazon S3. The company's security policy states:

• Keys must be rotated every 90 days

• Strict separation of duties between key users and key administrators must be implemented

• Auditing key usage must be possible

What should the solutions architect recommend?

A.

Server-side encryption with AWS KMS managed keys (SSE-KMS) with customer managed customer master keys (CMKs)

B.

Server-side encryption with AWS KMS managed keys (SSE-KMS) with AWS managed customer master keys (CMKs)

C.

Server-side encryption with Amazon S3 managed keys (SSE-S3) with customer managed customer master keys (CMKs)

D.

Server-side encryption with Amazon S3 managed keys (SSE-S3) with AWS managed customer master keys (CMKs)

Question # 18

A company is using AWS Key Management Service (AWS KMS) customer master keys (CMKs) to encrypt AWS Lambda environment variables. A solutions architect needs to ensure that the required permissions are in place to decrypt and use the environment variables.

Which steps must the solutions architect take to implement the correct permissions? (Select TWO.)

A.

Add AWS KMS permissions in the Lambda resource policy

B.

Add AWS KMS permissions in the Lambda execution role

C.

Add AWS KMS permissions in the Lambda function policy.

D.

Allow the Lambda execution role in the AWS KMS key policy

E.

Allow the Lambda resource policy in the AWS KMS key policy.

Question # 19

A company has an application that collects data from IoT sensors on automobiles. The data is streamed and stored in Amazon S3 through Amazon Kinesis Data Firehose. The data produces trillions of S3 objects each year. Each morning, the company uses the data from the previous 30 days to retrain a suite of machine learning (ML) models.

Four times each year, the company uses the data from the previous 12 months to perform analysis and train other ML models. The data must be available with minimal delay for up to 1 year. After 1 year, the data must be retained for archival purposes.

Which storage solution meets these requirements MOST cost-effectively?

A.

Use the S3 Intelligent-Tiering storage class. Create an S3 Lifecycle policy to transition objects to S3 Glacier Deep Archive after 1 year

B.

Use the S3 Intelligent-Tiering storage class. Configure S3 Intelligent-Tiering to automatically move objects to S3 Glacier Deep Archive after 1 year.

C.

Use the S3 Standard-Infrequent Access (S3 Standard-IA) storage class. Create an S3 Lifecycle policy to transition objects to S3 Glacier Deep Archive after 1 year.

D.

Use the S3 Standard storage class. Create an S3 Lifecycle policy to transition objects to S3 Standard-Infrequent Access (S3 Standard-IA) after 30 days, and then to S3 Glacier Deep Archive after 1 year.

Question # 20

A company is migrating a large, mission-critical database to AWS. A solutions architect has decided to use an Amazon RDS for MySQL Multi-AZ DB instance that is deployed with 80,000 Provisioned IOPS for storage. The solutions architect is using AWS Database Migration Service (AWS DMS) to perform the data migration. The migration is taking longer than expected, and the company wants to speed up the process. The company's network team has ruled out bandwidth as a limiting factor.

Which actions should the solutions architect take to speed up the migration? (Select TWO.)

A.

Disable Multi-AZ on the target DB instance.

B.

Create a new DMS instance that has a larger instance size.

C.

Turn off logging on the target DB instance until the initial load is complete.

D.

Restart the DMS task on a new DMS instance with transfer acceleration enabled.

E.

Change the storage type on the target DB instance to Amazon Elastic Block Store (Amazon EBS) General Purpose SSD (gp2).

Question # 21

A company sells datasets to customers who do research in artificial intelligence and machine learning (AI/ML). The datasets are large, formatted files that are stored in an Amazon S3 bucket in the us-east-1 Region. The company hosts a web application that the customers use to purchase access to a given dataset. The web application is deployed on multiple Amazon EC2 instances behind an Application Load Balancer. After a purchase is made, customers receive an S3 signed URL that allows access to the files.

The customers are distributed across North America and Europe. The company wants to reduce the cost that is associated with data transfers and wants to maintain or improve performance.

What should a solutions architect do to meet these requirements?

A.

Configure S3 Transfer Acceleration on the existing S3 bucket. Direct customer requests to the S3 Transfer Acceleration endpoint. Continue to use S3 signed URLs for access control.

B.

Deploy an Amazon CloudFront distribution with the existing S3 bucket as the origin. Direct customer requests to the CloudFront URL. Switch to CloudFront signed URLs for access control.

C.

Set up a second S3 bucket in the eu-central-1 Region with S3 Cross-Region Replication between the buckets. Direct customer requests to the closest Region. Continue to use S3 signed URLs for access control.

D.

Modify the web application to enable streaming of the datasets to end users. Configure the web application to read the data from the existing S3 bucket. Implement access control directly in the application.

Question # 22

A company currently has 250 TB of backup files stored in Amazon S3 in a vendor's proprietary format. Using a Linux-based software application provided by the vendor, the company wants to retrieve files from Amazon S3, transform the files to an industry-standard format, and re-upload them to Amazon S3. The company wants to minimize the data transfer charges associated with this conversion

What should a solutions architect do to accomplish this?

A.

Install the conversion software as an Amazon S3 batch operation so the data is transformed without leaving Amazon S3

B.

Install the conversion software onto an on-premises virtual machine. Perform the transformation and re-upload the files to Amazon S3 from the virtual machine.

C.

Use AWS Snowball Edge devices to export the data and install the conversion software onto the devices. Perform the data transformation and re-upload the files to Amazon S3 from the Snowball Edge devices

D.

Launch an Amazon EC2 instance in the same Region as Amazon S3 and install the conversion software onto the instance. Perform the transformation and re-upload the files to Amazon S3 from the EC2 instance.

Question # 23

A healthcare computer stores highly sensitive records. Compliance requires that multiple copies be stored in different locations. Each record must be stored for 7 years. The company has a service level agreement (SLA) to provide records to government agencies immediately for the first 30 days and then within 4 hours of a request thereafter.

What should a solutions architect recommend?

A.

Use Amazon S3 with cross-Region replication enabled. After 30 days, transition the data to Amazon S3 Glacier using a lifecycle policy.

B.

Use Amazon S3 with cross-origin resource sharing (CORS) enabled. After 30 days, transition the data to Amazon S3 Glacier using a lifecycle policy.

C.

Use Amazon S3 with cross-origin replication enabled. After 30 days, transition the data to Amazon S3 Glacier Deep Archive using a lifecycle policy.

D.

Use Amazon S3 with cross-origin resource sharing (CORS) enabled. After 30 days, transition the data to Amazon S3 Glacier Deep Archive using a lifecycle policy.

Question # 24

A company is using AWS to design a web application that will process insurance quotes. Users will request quotes from the application. Quotes must be separated by quote type, must be responded to within 24 hours, and must not get lost. The solution must maximize operational efficiency and must minimize maintenance. Which solution meets these requirements?

A.

Create multiple Amazon Kinesis data streams based on the quote type. Configure the web application to send messages to the proper data stream. Configure each backend group of application servers to use the Kinesis Client Library (KCL) to poll messages from its own data stream.

B.

Create an AWS Lambda function and an Amazon Simple Notification Service (Amazon SNS) topic for each quote type. Subscribe the Lambda function to its associated SNS topic. Configure the application to publish requests for quotes to the appropriate SNS topic.

C.

Create a single Amazon Simple Notification Service (Amazon SNS) topic. Subscribe Amazon Simple Queue Service (Amazon SQS) queues to the SNS topic. Configure SNS message filtering to publish messages to the proper SQS queue based on the quote type. Configure each backend application server to use its own SQS queue.

D.

Create multiple Amazon Kinesis Data Firehose delivery streams based on the quote type to deliver data streams to an Amazon Elasticsearch Service (Amazon ES) cluster. Configure the application to send messages to the proper delivery stream. Configure each backend group of application servers to search for the messages from Amazon ES and process them accordingly.

Question # 25

What should a solutions architect do to ensure that all objects uploaded to an Amazon S3 bucket are encrypted?

A.

Update the bucket policy to deny if the PutObject does not have an s3:x-amz-acl header set.

B.

Update the bucket policy to deny if the PutObject does not have an s3:x-amz-acl header set to private.

C.

Update the bucket policy to deny if the PutObject does not have an aws:SecureTransport header set to true.

D.

Update the bucket policy to deny if the PutObject does not have an x-amz-server-side-encryption header set.

Question # 26

A company runs a web-based portal that provides users with global breaking news, local alerts, and weather updates. The portal delivers each user a personalized view by using a mixture of static and dynamic content. Content is served over HTTPS through an API server running on an Amazon EC2 instance behind an Application Load Balancer (ALB). The company wants the portal to provide this content to its users across the world as quickly as possible.

How should a solutions architect design the application to ensure the LEAST amount of latency for all users?

A.

Deploy the application stack in a single AWS Region. Use Amazon CloudFront to serve all static and dynamic content by specifying the ALB as an origin.

B.

Deploy the application stack in two AWS Regions. Use an Amazon Route 53 latency routing policy to serve all content from the ALB in the closest Region.

C.

Deploy the application stack in a single AWS Region. Use Amazon CloudFront to serve the static content. Serve the dynamic content directly from the ALB.

D.

Deploy the application stack in two AWS Regions. Use an Amazon Route 53 geolocation routing policy to serve all content from the ALB in the closest Region.

Question # 27

A company has a service that produces event data. The company wants to use AWS to process the event data as it is received. The data is written in a specific order that must be maintained throughout processing. The company wants to implement a solution that minimizes operational overhead.

How should a solutions architect accomplish this?

A.

Create an Amazon Simple Queue Service (Amazon SQS) FIFO queue to hold messages. Set up an AWS Lambda function to process messages from the queue.

B.

Create an Amazon Simple Notification Service (Amazon SNS) topic to deliver notifications containing payloads to process. Configure an AWS Lambda function as a subscriber.

C.

Create an Amazon Simple Queue Service (Amazon SQS) standard queue to hold messages. Set up an AWS Lambda function to process messages from the queue independently

D.

Create an Amazon Simple Notification Service (Amazon SNS) topic to deliver notifications containing payloads to process. Configure an Amazon Simple Queue Service (Amazon SQS) queue as a subscriber.

Question # 28

An ecommerce company hosts its analytics application in the AWS Cloud. The application generates about 300 MB of data each month. The data is stored in JSON format. The company is evaluating a disaster recovery solution to back up the data. The data must be accessible in milliseconds if it is needed, and the data must be kept for 30 days.

Which solution meets these requirements MOST cost-effectively?

A.

Amazon Elasticsearch Service (Amazon ES)

B.

Amazon S3 Glacier

C.

Amazon S3 Standard

D.

Amazon RDS for PostgreSQL

Question # 29

A company is developing a mobile game that streams score updates to a backend processor and then posts results on a leaderboard. A solutions architect needs to design a solution that can handle large traffic spikes, process the mobile game updates in order of receipt, and store the processed updates in a highly available database. The company also wants to minimize the management overhead required to maintain the solution.

What should the solutions architect do to meet these requirements?

A.

Push score updates to Amazon Kinesis Data Streams. Process the updates in Kinesis Data Streams with AWS Lambda. Store the processed updates in Amazon DynamoDB.

B.

Push score updates to Amazon Kinesis Data Streams. Process the updates with a fleet of Amazon EC2 instances set up for Auto Scaling. Store the processed updates in Amazon Redshift.

C.

Push score updates to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe an AWS Lambda function to the SNS topic to process the updates. Store the processed updates in a SQL database running on Amazon EC2.

D.

Push score updates to an Amazon Simple Queue Service (Amazon SQS) queue. Use a fleet of Amazon EC2 instances with Auto Scaling to process the updates in the SQS queue. Store the processed updates in an Amazon RDS Multi-AZ DB instance.

Question # 30

A company is automating an order management application. The company's development team has decided to use SFTP to transfer and store the business-critical information files. The files must be encrypted and must be highly available. The files also must be automatically deleted a month after they are created.

Which solution meets these requirements with the LEAST operational overhead?

A.

Configure an Amazon S3 bucket with encryption enabled. Use AWS Transfer for SFTP to securely transfer the files to the S3 bucket. Apply an AWS Transfer for SFTP file retention policy to delete the files after a month.

B.

Install an SFTP service on an Amazon EC2 instance. Mount an Amazon Elastic File System (Amazon EFS) file share on the EC2 instance. Enable cron to delete the files after a month.

C.

Configure an Amazon Elastic File System (Amazon EFS) file system with encryption enabled. Use AWS Transfer for SFTP to securely transfer the files to the EFS file system. Apply an EFS lifecycle policy to automatically delete the files after a month.

D.

Configure an Amazon S3 bucket with encryption enabled. Use AWS Transfer for SFTP to securely transfer the files to the S3 bucket. Apply S3 Lifecycle rules to automatically delete the files after a month.

Question # 31

A company hosts its static website content from an Amazon S3 bucket in the us-east-1 Region. Content is made available through an Amazon CloudFront origin pointing to that bucket. Cross-Region replication is set up to create a second copy of the bucket in the ap-southeast-1 Region. Management wants a solution that provides greater availability for the website.

Which combination of actions should a solutions architect take to increase availability? (Select TWO.)

A.

Add both buckets to the CloudFront origin

B.

Configure failover routing in Amazon Route 53

C.

Create a record in Amazon Route 53 pointing to the replica bucket

D.

Create an additional CloudFront origin pointing to the ap-southeast-1 bucket

E.

Set up a CloudFront origin group with the us-east-1 bucket as the primary and the ap-southeast-1 bucket as the secondary

Question # 32

A company needs to store 160 TB of data for an indefinite period of time. The company must be able to use standard SQL and business intelligence tools to query all of the data. The data will be queried no more than twice each month.

What is the MOST cost-effective solution that meets these requirements?

A.

Store the data in Amazon Aurora Serverless with MySQL. Use an SQL client to query the data.

B.

Store the data in Amazon S3. Use AWS Glue, Amazon Athena, and JDBC and ODBC drivers to query the data.

C.

Store the data in an Amazon EMR cluster with EMR File System (EMRFS) as the storage layer. Use Apache Presto to query the data.

D.

Store a subset of the data in Amazon Redshift, and store the remaining data in Amazon S3. Use Amazon Redshift Spectrum to query the S3 data.

Question # 33

A company is hosting an application in its own data center. The application uses Amazon S3 for data storage. The application transfers several hundred terabytes of data every month to and from Amazon S3. The company needs to minimize the cost of this data transfer.

Which solution meets this requirement?

A.

Establish an AWS Direct Connect connection between the AWS Region in use and the company's data center. Route traffic to Amazon S3 over the Direct Connect connection.

B.

Establish an AWS Site-to-Site VPN connection between the company's data center and a VPC in the AWS Region in use. Create a VPC endpoint for Amazon S3 in the VPC. Route traffic to Amazon S3 over the VPN connection to the S3 endpoint.

C.

Create an AWS Storage Gateway file gateway. Deploy the software appliance in the company's data center. Configure the application to use the file gateway to store and retrieve files.

D.

Create an FTPS server by using AWS Transfer Family. Configure the application to use the FTPS server to store and retrieve files

Question # 34

A company has a stateless web application that runs on AWS Lambda functions that are invoked by Amazon API Gateway. The company wants to deploy the application across multiple AWS Regions to provide Regional failover capabilities.

What should a solutions architect do to route traffic to multiple Regions?

A.

Configure Amazon Route 53 health checks for each Region. Use an active-active failover configuration.

B.

Create an Amazon CloudFront distribution with an origin for each Region. Use CloudFront health checks to route traffic.

C.

Create an AWS Transit Gateway. Attach the transit gateway to the API Gateway endpoint in each Region. Configure the transit gateway to route requests.

D.

Use AWS Global Accelerator to create an accelerator with endpoints in each Region. Allow Global Accelerator to automatically monitor the health of endpoints and route requests.

Question # 35

A manufacturing company has machine sensors that upload csv files to an Amazon S3 bucket These csv files must be converted into images and must be made available as soon as possible for the automatic generation of graphical reports.

The images become irrelevant after 1 month, but the csv files must be kept to train machine learning (ML) models twice a year. The ML trainings and audits are planned weeks in advance.

Which combination of steps will meet these requirements MOST cost-effectively? (Select TWO.)

A.

Launch an Amazon EC2 Spot Instance that downloads the .csv files every hour, generates the image files, and uploads the images to the S3 bucket.

B.

Design an AWS Lambda function that converts the .csv files into images and stores the images in the S3 bucket. Invoke the Lambda function when a .csv file is uploaded.

C.

Create S3 Lifecycle rules for .csv files and image files in the S3 bucket. Transition the .csv files from S3 Standard to S3 Glacier 1 day after they are uploaded. Expire the image files after 30 days.

D.

Create S3 Lifecycle rules for .csv files and image files in the S3 bucket. Transition the .csv files from S3 Standard to S3 One Zone-Infrequent Access (S3 One Zone-IA) 1 day after they are uploaded. Expire the image files after 30 days.

E.

Create S3 Lifecycle rules for .csv files and image files in the S3 bucket. Transition the .csv files from S3 Standard to S3 Standard-Infrequent Access (S3 Standard-IA) 1 day after they are uploaded. Keep the image files in Reduced Redundancy Storage (RRS).

Question # 36

A company has a custom application running on an Amazon EC2 instance that:

• Reads a large amount of data from Amazon S3.

• Performs a multi-stage analysis.

• Writes the results to Amazon DynamoDB.

The application writes a significant number of large, temporary files during the multi-stage analysis. The process performance depends on the temporary storage performance. What would be the fastest storage option for holding the temporary files?

A.

Multiple Amazon S3 buckets with Transfer Acceleration for storage

B.

Multiple Amazon EBS drives with Provisioned IOPS and EBS optimization

C.

Multiple Amazon EFS volumes using the Network File System version 4.1 (NFSv4.1) protocol

D.

Multiple instance store volumes with software RAID 0.

Question # 37

A company has an automobile sales website that stores its listings in a database on Amazon RDS. When an automobile is sold, the listing needs to be removed from the website and the data must be sent to multiple target systems.

Which design should a solutions architect recommend?

A.

Create an AWS Lambda function triggered when the database on Amazon RDS is updated to send the information to an Amazon Simple Queue Service (Amazon SQS) queue for the targets to consume.

B.

Create an AWS Lambda function triggered when the database on Amazon RDS is updated to send the information to an Amazon Simple Queue Service (Amazon SQS) FIFO queue for the targets to consume

C.

Subscribe to an RDS event notification and send an Amazon Simple Queue Service (Amazon SQS) queue fanned out to multiple Amazon Simple Notification Service (Amazon SNS) topics. Use AWS Lambda functions to update the targets.

D.

Subscribe to an RDS event notification and send an Amazon Simple Notification Service (Amazon SNS) topic fanned out to multiple Amazon Simple Queue Service (Amazon SQS) queues. Use AWS Lambda functions to update the targets.

Question # 38

A solution architect has created a new AWS account and must secure AWS account root user access. Which combination of actions will accomplish this? (Select TWO.)

A.

Ensure the root user uses a strong password

B.

Enable multi-factor authentication to the root user

C.

Store root user access keys in an encrypted Amazon S3 bucket

D.

Add the root user to a group containing administrative permissions

E.

Apply the required permissions to the root user with an inline policy document

Question # 39

A company is deploying an application that processes large quantities of data in batches as needed. The company plans to use Amazon EC2 instances for the workload. The network architecture must support a highly scalable solution and prevent groups of nodes from sharing the same underlying hardware.

Which combination of network solutions will meet these requirements? (Select TWO.)

A.

Create Capacity Reservations for the EC2 instances to run in a placement group

B.

Run the EC2 instances in a spread placement group.

C.

Run the EC2 instances in a cluster placement group.

D.

Place the EC2 instances in an EC2 Auto Scaling group.

E.

Run the EC2 instances in a partition placement group.

Question # 40

A company is running a multi-tier web application on premises. The web application is containerized and runs on a number of Linux hosts connected to a PostgreSQL database that contains user records. The operational overhead of maintaining the infrastructure and capacity planning is limiting the company's growth. A solutions architect must improve the application's infrastructure.

Which combination of actions should the solutions architect take to accomplish this? (Select TWO.)

A.

Migrate the PostgreSQL database to Amazon Aurora

B.

Migrate the web application to be hosted on Amazon EC2 instances.

C.

Set up an Amazon CloudFront distribution for the web application content.

D.

Set up Amazon ElastiCache between the web application and the PostgreSQL database.

E.

Migrate the web application to be hosted on AWS Fargate with Amazon Elastic Container Service (Amazon ECS).

Question # 41

A media streaming company collects real-time data and stores it in a disk-optimized database system. The company is not getting the expected throughput and wants an in-memory database storage solution that performs faster and provides high availability using data replication.

Which database should a solutions architect recommend?

A.

Amazon RDS for MySQL

B.

Amazon RDS for PostgreSQL

C.

Amazon ElastiCache for Redis

D.

Amazon ElastiCache for Memcached

Question # 42

A company recently launched Linux-based application instances on Amazon EC2 in a private subnet and launched a Linux-based bastion host on an Amazon EC2 instance in a public subnet of a VPC. A solutions architect needs to connect from the on-premises network, through the company's internet connection, to the bastion host and to the application servers. The solutions architect must make sure that the security groups of all the EC2 instances will allow that access.

Which combination of steps should the solutions architect take to meet these requirements? (Select TWO.)

A.

Replace the current security group of the bastion host with one that only allows inbound access from the application instances

B.

Replace the current security group of the bastion host with one that only allows inbound access from the internal IP range for the company

C.

Replace the current security group of the bastion host with one that only allows inbound access from the external IP range for the company

D.

Replace the current security group of the application instances with one that allows inbound SSH access from only the private IP address of the bastion host

E.

Replace the current security group of the application instances with one that allows inbound SSH access from only the public IP address of the bastion host

Question # 43

An application runs on Amazon EC2 instances in private subnets. The application needs to access an Amazon DynamoDB table. What is the MOST secure way to access the table while ensuring that the traffic does not leave the AWS network?

A.

Use a VPC endpoint for DynamoDB

B.

Use a NAT gateway in a public subnet

C.

Use a NAT instance in a private subnet

D.

Use the internet gateway attached to the VPC

Question # 44

A company has recently updated its internal security standards. The company must now ensure all Amazon S3 buckets and Amazon Elastic Block Store (Amazon EBS) volumes are encrypted with keys created and periodically rotated by internal security specialists. The company is looking for a native, software-based AWS service to accomplish this goal.

What should a solutions architect recommend as a solution?

A.

Use AWS Secrets Manager with customer master keys (CMKs) to store master key material and apply a routine to create a new CMK periodically and replace it in AWS Secrets Manager.

B.

Use AWS Key Management Service (AWS KMS) with customer master keys (CMKs) to store master key material and apply a routine to re-create a new key periodically and replace it in AWS KMS.

C.

Use an AWS CloudHSM cluster with customer master keys (CMKs) to store master key material and apply a routine to re-create a new key periodically and replace it in the CloudHSM cluster nodes

D.

Use AWS Systems Manager Parameter Store with customer master keys (CMKs) to store master key material and apply a routine to re-create a new key periodically and replace it in the Parameter Store

Question # 45

A company wants to migrate its MySQL database from on premises to AWS. The company recently experienced a database outage that significantly impacted the business. To ensure this does not happen again, the company wants a reliable database solution on AWS that minimizes data loss and stores every transaction on at least two nodes.

Which solution meets these requirements?

A.

Create an Amazon RDS DB instance with synchronous replication to three nodes in three Availability Zones.

B.

Create an Amazon RDS MySQL DB instance with Multi-AZ functionality enabled to synchronously replicate the data.

C.

Create an Amazon RDS MySQL DB instance and then create a read replica in a separate AWS Region that synchronously replicates the data.

D.

Create an Amazon EC2 instance with a MySQL engine installed that triggers an AWS Lambda function to synchronously replicate the data to an Amazon RDS MySQL DB instance

Question # 46

A solutions architect is designing the architecture for a software demonstration environment. The environment will run on Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer (ALB). The system will experience significant increases in traffic during working hours but is not required to operate on weekends.

Which combination of actions should the solutions architect take to ensure that the system can scale to meet demand? (Select TWO.)

A.

Use AWS Auto Scaling to adjust the ALB capacity based on request rate

B.

Use AWS Auto Scaling to scale the capacity of the VPC internet gateway

C.

Launch the EC2 instances in multiple AWS Regions to distribute the load across Regions

D.

Use a target tracking scaling policy to scale the Auto Scaling group based on instance CPU utilization

E.

Use scheduled scaling to change the Auto Scaling group minimum, maximum, and desired capacity to zero for weekends. Revert to the default values at the start of the week.

Question # 47

A company is developing a real-time multiplayer game that uses UDP for communications between the client and servers in an Auto Scaling group. Spikes in demand are anticipated during the day, so the game server platform must adapt accordingly. Developers want to store gamer scores and other non-relational data in a database solution that will scale without intervention.

Which solution should a solutions architect recommend?

A.

Use Amazon Route 53 for traffic distribution and Amazon Aurora Serverless for data storage

B.

Use a Network Load Balancer for traffic distribution and Amazon DynamoDB on-demand for data storage

C.

Use a Network Load Balancer for traffic distribution and Amazon Aurora Global Database for data storage

D.

Use an Application Load Balancer for traffic distribution and Amazon DynamoDB global tables for data storage

Question # 48

A solutions architect needs to design a highly available application consisting of web, application, and database tiers. HTTPS content delivery should be as close to the edge as possible with the least delivery time.

Which solution meets these requirements and is MOST secure?

A.

Configure a public Application Load Balancer (ALB) with multiple redundant Amazon EC2 instances in public subnets. Configure Amazon CloudFront to deliver HTTPS content using the public ALB as the origin.

B.

Configure a public Application Load Balancer with multiple redundant Amazon EC2 instances in private subnets. Configure Amazon CloudFront to deliver HTTPS content using the EC2 instances as the origin.

C.

Configure a public Application Load Balancer (ALB) with multiple redundant Amazon EC2 instances in private subnets. Configure Amazon CloudFront to deliver HTTPS content using the public ALB as the origin.

D.

Configure a public Application Load Balancer with multiple redundant Amazon EC2 instances in public subnets. Configure Amazon CloudFront to deliver HTTPS content using the EC2 instances as the origin.

Question # 49

A company has three VPCs named Development, Testing, and Production in the us-east-1 Region. The three VPCs need to be connected to an on-premises data center and are designed to be separate to maintain security and prevent any resource sharing. A solutions architect needs to find a scalable and secure solution.

What should the solutions architect recommend?

A.

Create an AWS Direct Connect connection and a VPN connection for each VPC to connect back to the data center.

B.

Create VPC peers from all the VPCs to the Production VPC. Use an AWS Direct Connect connection from the Production VPC back to the data center.

C.

Connect VPN connections from all the VPCs to a VPN in the Production VPC. Use a VPN connection from the Production VPC back to the data center

D.

Create a new VPC called Network. Within the Network VPC, create an AWS Transit Gateway with an AWS Direct Connect connection back to the data center. Attach all the other VPCs to the Network VPC.

Question # 50

A company is migrating its applications to AWS. Currently, applications that run on premises generate hundreds of terabytes of data that is stored on a shared file system. The company is running an analytics application in the cloud that runs hourly to generate insights from this data.

The company needs a solution to handle the ongoing data transfer between the on-premises shared file system and Amazon S3. The solution also must be able to handle occasional interruptions in internet connectivity.

Which solution should the company use for the data transfer to meet these requirements?

A.

AWS DataSync

B.

AWS Migration Hub

C.

AWS Snowball Edge Storage Optimized

D.

AWS Transfer for SFTP

Question # 51

A company maintains about 300 TB in Amazon S3 Standard storage month after month. The S3 objects are each typically around 50 GB in size and are frequently replaced with multipart uploads by their global application. The number and size of S3 objects remain constant, but the company's S3 storage costs are increasing each month.

How should a solutions architect reduce costs in this situation?

A.

Switch from multipart uploads to Amazon S3 Transfer Acceleration

B.

Enable an S3 Lifecycle policy that deletes incomplete multipart uploads

C.

Configure S3 inventory to prevent objects from being archived too quickly

D.

Configure Amazon CloudFront to reduce the number of objects stored in Amazon S3

Question # 52

A company's application is running on Amazon EC2 instances within an Auto Scaling group behind an Elastic Load Balancer. Based on the application's history, the company anticipates a spike in traffic during a holiday each year. A solutions architect must design a strategy to ensure that the Auto Scaling group proactively increases capacity to minimize any performance impact on application users.

Which solution will meet these requirements?

A.

Create an Amazon CloudWatch alarm to scale up the EC2 instances when CPU utilization exceeds 90%

B.

Create a recurring scheduled action to scale up the Auto Scaling group before the expected period of peak demand

C.

Increase the minimum and maximum number of EC2 instances in the Auto Scaling group during the peak demand period

D.

Configure an Amazon Simple Notification Service (Amazon SNS) notification to send alerts when there are autoscaling EC2_INSTANCE_LAUNCH events

Question # 53

A company produces batch data that comes from different databases. The company also produces live stream data from network sensors and application APIs. The company needs to consolidate all the data into one place for business analytics. The company needs to process the incoming data and then stage the data in different Amazon S3 buckets. Teams will later run one-time queries and import the data into a business intelligence tool to show key performance indicators (KPIs).

Which combination of steps will meet these requirements with the LEAST operational overhead? (Select TWO.)

A.

Use Amazon Athena for one-time queries. Use Amazon QuickSight to create dashboards for KPIs.

B.

Use Amazon Kinesis Data Analytics for one-time queries. Use Amazon QuickSight to create dashboards for KPIs.

C.

Create custom AWS Lambda functions to move the individual records from the databases to an Amazon Redshift cluster.

D.

Use an AWS Glue extract, transform, and load (ETL) job to convert the data into JSON format. Load the data into multiple Amazon OpenSearch Service (Amazon Elasticsearch Service) clusters.

E.

Use blueprints in AWS Lake Formation to identify the data that can be ingested into a data lake. Use AWS Glue to crawl the source, extract the data, and load the data into Amazon S3 in Apache Parquet format.

Question # 54

A company is building a new furniture inventory application. The company has deployed the application on a fleet of Amazon EC2 instances across multiple Availability Zones. The EC2 instances run behind an Application Load Balancer (ALB) in their VPC.

A solutions architect has observed that incoming traffic seems to favor one EC2 instance, resulting in latency for some requests.

What should the solutions architect do to resolve this issue?

A.

Disable session affinity (sticky sessions) on the ALB

B.

Replace the ALB with a Network Load Balancer

C.

Increase the number of EC2 instances in each Availability Zone

D.

Adjust the frequency of the health checks on the ALB's target group

Question # 55

A company hosts an online shopping application that stores all orders in an Amazon RDS for PostgreSQL Single-AZ DB instance. Management wants to eliminate single points of failure and has asked a solutions architect to recommend an approach to minimize database downtime without requiring any changes to the application code.

Which solution meets these requirements?

A.

Convert the existing database instance to a Multi-AZ deployment by modifying the database instance and specifying the Multi-AZ option

B.

Create a new RDS Multi-AZ deployment. Take a snapshot of the current RDS instance and restore the new Multi-AZ deployment with the snapshot.

C.

Create a read-only replica of the PostgreSQL database in another Availability Zone. Use Amazon Route 53 weighted record sets to distribute requests across the databases.

D.

Place the RDS for PostgreSQL database in an Amazon EC2 Auto Scaling group with a minimum group size of two. Use Amazon Route 53 weighted record sets to distribute requests across instances.

Question # 56

A company's application is running on Amazon EC2 instances in a single Region. In the event of a disaster, a solutions architect needs to ensure that the resources can also be deployed to a second Region.

Which combination of actions should the solutions architect take to accomplish this? (Select TWO.)

A.

Detach a volume on an EC2 instance and copy it to Amazon S3.

B.

Launch a new EC2 instance from an Amazon Machine Image (AMI) in a new Region

C.

Launch a new EC2 instance in a new Region and copy a volume from Amazon S3 to the new instance.

D.

Copy an Amazon Machine Image (AMI) of an EC2 instance and specify a different Region for the destination

E.

Copy an Amazon Elastic Block Store (Amazon EBS) volume from Amazon S3 and launch an EC2 instance in the destination Region using that EBS volume

Question # 57

A media company is using video conversion tools that run on Amazon EC2 instances. The video conversion tools run on a combination of Windows EC2 instances and Linux EC2 instances. Each video file is tens of gigabytes in size. The video conversion tools must process the video files in the shortest possible amount of time. The company needs a single, centralized file storage solution that can be mounted on all the EC2 instances that host the video conversion tools.

Which solution will meet these requirements?

A.

Deploy Amazon FSx for Windows File Server with hard disk drive (HDD) storage

B.

Deploy Amazon FSx for Windows File Server with solid state drive (SSD) storage

C.

Deploy Amazon Elastic File System (Amazon EFS) with Max I/O performance mode

D.

Deploy Amazon Elastic File System (Amazon EFS) with General Purpose performance mode

Question # 58

A marketing company is storing CSV files in an Amazon S3 bucket for statistical analysis. An application on an Amazon EC2 instance needs permission to efficiently process the CSV data stored in the S3 bucket.

A.

Attach a resource-based policy to the S3 bucket

B.

Create an IAM user for the application with specific permissions to the S3 bucket

C.

Associate an IAM role with least privilege permissions to the EC2 instance profile

D.

Store an AWS credential directly on the EC2 instance for applications on the instance to use for API calls

Question # 59

A company is using a fleet of Amazon EC2 instances to ingest data from on-premises data sources. The data is in JSON format and ingestion rates can be as high as 1 MB/s. When an EC2 instance is rebooted, the data in-flight is lost. The company's data science team wants to query ingested data in near-real time.

Which solution provides near-real-time data querying that is scalable with minimal data loss?

A.

Publish data to Amazon Kinesis Data Streams. Use Kinesis Data Analytics to query the data.

B.

Publish data to Amazon Kinesis Data Firehose with Amazon Redshift as the destination. Use Amazon Redshift to query the data.

C.

Store ingested data in an EC2 instance store. Publish data to Amazon Kinesis Data Firehose with Amazon S3 as the destination. Use Amazon Athena to query the data.

D.

Store ingested data in an Amazon Elastic Block Store (Amazon EBS) volume. Publish data to Amazon ElastiCache for Redis. Subscribe to the Redis channel to query the data.

Question # 60

A company requires that all versions of objects in its Amazon S3 bucket be retained. Current object versions will be frequently accessed during the first 30 days, after which they will be rarely accessed and must be retrievable within 5 minutes. Previous object versions need to be kept forever, will be rarely accessed, and can be retrieved within 1 week. All storage solutions must be highly available and highly durable.

What should a solutions architect recommend to meet these requirements in the MOST cost-effective manner?

A.

Create an S3 lifecycle policy for the bucket that moves current object versions from S3 Standard storage to S3 Glacier after 30 days and moves previous object versions to S3 Glacier after 1 day.

B.

Create an S3 lifecycle policy for the bucket that moves current object versions from S3 Standard storage to S3 Glacier after 30 days and moves previous object versions to S3 Glacier Deep Archive after 1 day.

C.

Create an S3 lifecycle policy for the bucket that moves current object versions from S3 Standard storage to S3 Standard-Infrequent Access (S3 Standard-IA) after 30 days and moves previous object versions to S3 Glacier Deep Archive after 1 day.

D.

Create an S3 lifecycle policy for the bucket that moves current object versions from S3 Standard storage to S3 One Zone-Infrequent Access (S3 One Zone-IA) after 30 days and moves previous object versions to S3 Glacier Deep Archive after 1 day

Question # 61

A company is hosting a web application from an Amazon S3 bucket. The application uses Amazon Cognito as an identity provider to authenticate users and return a JSON Web Token (JWT) that provides access to protected resources that are stored in another S3 bucket.

Upon deployment of the application, users report errors and are unable to access the protected content. A solutions architect must resolve this issue by providing proper permissions so that users can access the protected content.

Which solution meets these requirements?

A.

Update the Amazon Cognito identity pool to assume the proper IAM role for access to the protected content.

B.

Update the S3 ACL to allow the application to access the protected content

C.

Redeploy the application to Amazon S3 to prevent eventually consistent reads in the S3 bucket from affecting the ability of users to access the protected content.

D.

Update the Amazon Cognito pool to use custom attribute mappings within the identity pool and grant users the proper permissions to access the protected content.

Question # 62

As part of budget planning, management wants a report of AWS billed items listed by user. The data will be used to create department budgets. A solution architect needs to determine the most efficient way to obtain this report information.

Which solution meets these requirements?

A.

Run a query with Amazon Athena to generate the report.

B.

Create a report in Cost Explorer and download the report

C.

Access the bill details from the billing dashboard and download the bill.

D.

Modify a cost budget in AWS Budgets to alert with Amazon Simple Email Service (Amazon SES).

Question # 63

A company has a web server running on an Amazon EC2 instance in a public subnet with an Elastic IP address. The default security group is assigned to the EC2 instance. The default network ACL has been modified to block all traffic. A solution architect needs to make the web server accessible from everywhere on port 443.

Which combination of steps will accomplish this task? (Select TWO.)

A.

Create a security group with a rule to allow TCP port 443 from source 0.0.0.0/0.

B.

Create a security group with a rule to allow TCP port 443 to destination 0.0.0.0/0.

C.

Update the network ACL to allow TCP port 443 from source 0.0.0.0/0.

D.

Update the network ACL to allow inbound/outbound TCP port 443 from source 0.0.0.0/0 and to destination 0.0.0.0/0.

E.

Update the network ACL to allow inbound TCP port 443 from source 0.0.0.0/0 and outbound TCP port 32766-65535 to destination 0.0.0.0/0.

Question # 64

A company has a multi-tier application deployed on several Amazon EC2 instances in an Auto Scaling group. An Amazon RDS for Oracle instance is the application's data layer that uses Oracle-specific PL/SQL functions. Traffic to the application has been steadily increasing. This is causing the EC2 instances to become overloaded and the RDS instance to run out of storage. The Auto Scaling group does not have any scaling metrics and defines the minimum healthy instance count only. The company predicts that traffic will continue to increase at a steady but unpredictable rate before levelling off.

What should a solutions architect do to ensure the system can automatically scale for the increased traffic? (Select TWO.)

A.

Configure storage Auto Scaling on the RDS for Oracle instance.

B.

Migrate the database to Amazon Aurora to use Auto Scaling storage.

C.

Configure an alarm on the RDS for Oracle instance for low free storage space.

D.

Configure the Auto Scaling group to use the average CPU as the scaling metric

E.

Configure the Auto Scaling group to use the average free memory as the scaling metric.

Question # 65

A company has deployed an internal API in a VPC behind an internet-facing Application Load Balancer (ALB). An application that consumes the API as a client is deployed in a VPC in a second account. The application is deployed in private subnets behind a NAT gateway. When requests to the client application increase, the NAT gateway costs are higher than expected.

Which combination of architectural changes will reduce the NAT gateway costs? (Select TWO.)

A.

Configure a VPC peering connection between the two VPCs.

B.

Configure an AWS Direct Connect connection between the two VPCs.

C.

Replace the internet-facing ALB with an internal ALB. Access the API by using the ALB's private DNS address.

D.

Configure a ClassicLink connection for the API to the client VPC. Access the API by using the ClassicLink address.

E.

Configure an AWS Resource Access Manager connection between the two accounts. Access the API by using the ALB's private DNS address.

Question # 66

A company stores 200 GB of data each month in Amazon S3. The company needs to perform analytics on this data at the end of each month to determine the number of items sold in each sales region for the previous month.

Which analytics strategy is MOST cost-effective for the company to use?

A.

Create an Amazon Elasticsearch Service (Amazon ES) cluster. Query the data in Amazon ES. Visualize the data by using Kibana.

B.

Create a table in the AWS Glue Data Catalog. Query the data in Amazon S3 by using Amazon Athena. Visualize the data in Amazon QuickSight.

C.

Create an Amazon EMR cluster. Query the data by using Amazon EMR and store the results in Amazon S3. Visualize the data in Amazon QuickSight.

D.

Create an Amazon Redshift cluster. Query the data in Amazon Redshift and upload the results to Amazon S3. Visualize the data in Amazon QuickSight.

Question # 67

A company needs to build a reporting solution on AWS. The solution must support SQL queries that data analysts run on the data. The data analysts will run fewer than 10 total queries each day. The company generates 3 GB of new data daily in an on-premises relational database. This data needs to be transferred to AWS to perform reporting tasks.

What should a solutions architect recommend to meet these requirements at the LOWEST cost?

A.

Use AWS Database Migration Service (AWS DMS) to replicate the data from the on-premises database into Amazon S3. Use Amazon Athena to query the data.

B.

Use an Amazon Kinesis Data Firehose delivery stream to deliver the data into an Amazon Elasticsearch Service (Amazon ES) cluster. Run the queries in Amazon ES.

C.

Export a daily copy of the data from the on-premises database. Use an AWS Storage Gateway file gateway to store and copy the export into Amazon S3. Use an Amazon EMR cluster to query the data.

D.

Use AWS Database Migration Service (AWS DMS) to replicate the data from the on-premises database and load it into an Amazon Redshift cluster. Use the Amazon Redshift cluster to query the data.

Question # 68

A company wants to minimize cost by moving infrequently accessed audit archives to low-cost storage.

Which AWS service should the company use for this storage?

A.

AWS Backup

B.

Amazon S3 Glacier

C.

AWS Snowball

D.

AWS Storage Gateway

Question # 69

A company has migrated a fleet of hundreds of on-premises virtual machines (VMs) to Amazon EC2 instances. The instances run a diverse fleet of Windows Server versions along with several Linux distributions. The company wants a solution that will automate inventory and updates of the operating systems. The company also needs a summary of common vulnerabilities of each instance for regular monthly reviews.

What should a solutions architect recommend to meet these requirements?

A.

Set up AWS Systems Manager Patch Manager to manage all the EC2 instances. Configure AWS Security Hub to produce monthly reports.

B.

Set up AWS Systems Manager Patch Manager to manage all the EC2 instances. Deploy Amazon Inspector, and configure monthly reports.

C.

Set up AWS Shield Advanced, and configure monthly reports. Deploy AWS Config to automate patch installations on the EC2 instances.

D.

Set up Amazon GuardDuty in the account to monitor all EC2 instances. Deploy AWS Config to automate patch installations on the EC2 instances.

Question # 70

The DNS provider that hosts a company's domain name records is experiencing outages that cause service disruption for a website running on AWS. The company needs to migrate to a more resilient managed DNS service and wants the service to run on AWS.

What should a solutions architect do to rapidly migrate the DNS hosting service?

A.

Create an Amazon Route 53 public hosted zone for the domain name. Import the zone file containing the domain records hosted by the previous provider.

B.

Create an Amazon Route 53 private hosted zone for the domain name. Import the zone file containing the domain records hosted by the previous provider.

C.

Create a Simple AD directory in AWS. Enable zone transfer between the DNS provider and AWS Directory Service for Microsoft Active Directory for the domain records.

D.

Create an Amazon Route 53 Resolver inbound endpoint in the VPC. Specify the IP addresses that the provider's DNS will forward DNS queries to. Configure the provider's DNS to forward DNS queries for the domain to the IP addresses that are specified in the inbound endpoint.

Question # 71

A company runs its infrastructure on AWS and has a registered base of 700,000 users for its document management application. The company intends to create a product that converts large .pdf files to .jpg image files. The .pdf files average 5 MB in size. The company needs to store the original files and the converted files. A solutions architect must design a scalable solution to accommodate demand that will grow rapidly over time.

Which solution meets these requirements MOST cost-effectively?

A.

Save the .pdf files to Amazon S3. Configure an S3 PUT event to invoke an AWS Lambda function to convert the files to .jpg format and store them back in Amazon S3.

B.

Save the .pdf files to Amazon DynamoDB. Use the DynamoDB Streams feature to invoke an AWS Lambda function to convert the files to .jpg format and store them back in DynamoDB.

C.

Upload the .pdf files to an AWS Elastic Beanstalk application that includes Amazon EC2 instances, Amazon Elastic Block Store (Amazon EBS) storage, and an Auto Scaling group. Use a program in the EC2 instances to convert the files to .jpg format. Save the .pdf files and the .jpg files in the EBS store.

D.

Upload the .pdf files to an AWS Elastic Beanstalk application that includes Amazon EC2 instances, Amazon Elastic File System (Amazon EFS) storage, and an Auto Scaling group. Use a program in the EC2 instances to convert the file to .jpg format. Save the .pdf files and the .jpg files in the EBS store.

Question # 72

A company has a web application that users access from around the world. The company has web servers in multiple AWS Regions to support the traffic. A solutions architect must configure an Amazon Route 53 routing policy to send traffic to only the active web servers.

Which configuration meets this requirement?

A.

Create a simple routing policy that uses health checks for each Region

B.

Create a multivalue answer routing policy that uses health checks for each Region

C.

Create a geoproximity routing policy with a health check bias of 99 for each Region

D.

Create a weighted routing policy with a health check weight of 100 for each Region

Question # 73

A company wants to move from many standalone AWS accounts to a consolidated, multi-account architecture. The company plans to create many new AWS accounts for different business units. The company needs to authenticate access to these AWS accounts by using a centralized corporate directory service.

Which combination of actions should a solutions architect recommend to meet these requirements? (Select TWO.)

A.

Create a new organization in AWS Organizations with all features turned on. Create the new AWS accounts in the organization.

B.

Set up an Amazon Cognito identity pool. Configure AWS Single Sign-On to accept Amazon Cognito authentication.

C.

Configure a service control policy (SCP) to manage the AWS accounts. Add AWS Single Sign-On to AWS Directory Service.

D.

Create a new organization in AWS Organizations. Configure the organization's authentication mechanism to use AWS Directory Service directly.

E.

Set up AWS Single Sign-On (AWS SSO) in the organization. Configure AWS SSO and integrate it with the company's corporate directory service.

Question # 74

A group requires permissions to list an Amazon S3 bucket and delete objects from that bucket. An administrator has created the following IAM policy to provide access to the bucket and applied that policy to the group. The group is not able to delete objects in the bucket. The company follows least-privilege access rules.

Which statement should a solutions architect add to the policy to correct bucket access?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question # 75

A company wants to relocate its on-premises MySQL database to AWS. The database accepts regular imports from a client-facing application, which causes a high volume of write operations. The company is concerned that the amount of traffic might be causing performance issues within the application.

How should a solutions architect design the architecture on AWS?

A.

Provision an Amazon RDS for MySQL DB instance with Provisioned IOPS SSD storage. Monitor write operation metrics by using Amazon CloudWatch. Adjust the provisioned IOPS if necessary.

B.

Provision an Amazon RDS for MySQL DB instance with General Purpose SSD storage. Place an Amazon ElastiCache cluster in front of the DB instance. Configure the application to query ElastiCache instead.

C.

Provision an Amazon DocumentDB (with MongoDB compatibility) instance with a memory optimized instance type. Monitor Amazon CloudWatch for performance-related issues. Change the instance class if necessary.

D.

Provision an Amazon Elastic File System (Amazon EFS) file system in General Purpose performance mode. Monitor Amazon CloudWatch for IOPS bottlenecks. Change to Provisioned Throughput performance mode if necessary.

Question # 76

A company plans to host a survey website on AWS. The company anticipates an unpredictable amount of traffic. This traffic results in asynchronous updates to the database. The company wants to ensure that writes to the database hosted on AWS do not get dropped.

How should the company write its application to handle these database requests?

A.

Configure the application to publish to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the database to the SNS topic.

B.

Configure the application to subscribe to an Amazon Simple Notification Service (Amazon SNS) topic. Publish the database updates to the SNS topic.

C.

Use Amazon Simple Queue Service (Amazon SQS) FIFO queues to queue the database connection until the database has resources to write the data.

D.

Use Amazon Simple Queue Service (Amazon SQS) FIFO queues for capturing the writes and draining the queue as each write is made to the database.

Question # 77

A company runs a fleet of web servers using an Amazon RDS for PostgreSQL DB instance. After a routine compliance check, the company sets a standard that requires a recovery point objective (RPO) of less than 1 second for all its production databases.

Which solution meets this requirement?

A.

Enable a Multi-AZ deployment for the DB instance.

B.

Enable auto scaling for the DB instance in one Availability Zone.

C.

Configure the DB instance in one Availability Zone and create multiple read replicas in a separate Availability Zone.

D.

Configure the DB instance in one Availability Zone, and configure AWS Database Migration Service (AWS DMS) change data capture (CDC) tasks.

Question # 78

A company is running several business applications in three separate VPCs within the us-east-1 Region. The applications must be able to communicate between VPCs. The applications also must be able to consistently send hundreds of gigabytes of data each day to a latency-sensitive application that runs in a single on-premises data center.

A solutions architect needs to design a network connectivity solution that maximizes cost-effectiveness.

Which solution meets these requirements?

A.

Configure three AWS Site-to-Site VPN connections from the data center to AWS. Establish connectivity by configuring one VPN connection for each VPC.

B.

Launch a third-party virtual network appliance in each VPC. Establish an IPsec VPN tunnel between the data center and each virtual appliance.

C.

Set up three AWS Direct Connect connections from the data center to a Direct Connect gateway in us-east-1. Establish connectivity by configuring each VPC to use one of the Direct Connect connections.

D.

Set up one AWS Direct Connect connection from the data center to AWS. Create a transit gateway, and attach each VPC to the transit gateway. Establish connectivity between the Direct Connect connection and the transit gateway.

Question # 79

A company wants to host a scalable web application on AWS. The application will be accessed by users from different geographic regions of the world. Application users will be able to download and upload unique data up to gigabytes in size. The development team wants a cost-effective solution to minimize upload and download latency and maximize performance.

What should a solutions architect do to accomplish this?

A.

Use Amazon S3 with Transfer Acceleration to host the application.

B.

Use Amazon S3 with CacheControl headers to host the application.

C.

Use Amazon EC2 with Auto Scaling and Amazon CloudFront to host the application

D.

Use Amazon EC2 with Auto Scaling and Amazon ElastiCache to host the application

Question # 80

A company is using a VPC that is provisioned with a 10.10.1.0/24 CIDR block. Because of continued growth, IP address space in this block might be depleted soon. A solutions architect must add more IP address capacity to the VPC.

Which solution will meet these requirements with the LEAST operational overhead?

A.

Create a new VPC. Associate a larger CIDR block.

B.

Add a secondary CIDR block of 10.10.2.0/24 to the VPC.

C.

Resize the existing VPC CIDR block from 10.10.1.0/24 to 10.10.1.0

D.

Establish VPC peering with a new VPC that has a CIDR block of 10.10.1.0/16.

Question # 81

A company uses a combination of Amazon EC2 instances and AWS Fargate tasks to process daily transactions. The company faces unpredictable and sudden increases in transaction volume. The company needs a solution that will process the transactions immediately.

Which solution meets these requirements MOST cost-effectively?

A.

Purchase a Compute Savings Plan

B.

Purchase an EC2 Instance Savings Plan.

C.

Purchase Reserved Instances for existing EC2 workloads.

D.

Use Spot Instances for existing EC2 workloads.

E.

Use Fargate Spot capacity for the tasks.

Question # 82

A company stores call recordings on a monthly basis. Users access the recorded files randomly within 1 year of recording, but users rarely access the files after 1 year. The company wants to optimize its solution by allowing only files that are newer than 1 year old to be queried and retrieved as quickly as possible. A delay in retrieving older files is acceptable.

Which solution meets these requirements MOST cost-effectively?

A.

Store individual files in Amazon S3 Glacier. Store search metadata in object tags that are created in S3 Glacier. Query the S3 Glacier tags to retrieve the files from S3 Glacier.

B.

Store individual files in Amazon S3. Use S3 Lifecycle policies to move the files to S3 Glacier after 1 year. Query and retrieve the files that are in Amazon S3 by using Amazon Athena. Query and retrieve the files that are in S3 Glacier by using S3 Glacier Select.

C.

Store individual files in Amazon S3. Store search metadata for each archive in Amazon S3. Use S3 Lifecycle policies to move the files to S3 Glacier after 1 year. Query and retrieve the files by searching for metadata from Amazon S3.

D.

Store individual files in Amazon S3. Use S3 Lifecycle policies to move the files to S3 Glacier after 1 year. Store search metadata in Amazon RDS. Query the files from Amazon RDS. Retrieve the files from Amazon S3 or S3 Glacier.

Question # 83

A company wants to migrate its accounting system from an on-premises data center to the AWS Cloud in a single AWS Region. Data security and an immutable audit log are the top priorities. The company must monitor all AWS activities for compliance auditing. The company has enabled AWS CloudTrail but wants to make sure it meets these requirements.

Which actions should a solutions architect take to protect and secure CloudTrail? (Select TWO.)

A.

Enable CloudTrail log file validation.

B.

Enable the CloudTrail Processing Library.

C.

Enable logging of Insights events in CloudTrail.

D.

Enable custom logging from the on-premises resources

E.

Create an AWS Config rule to monitor whether CloudTrail is configured to use server-side encryption with AWS KMS managed encryption keys (SSE-KMS)

Question # 84

A company used an AWS Direct Connect connection to copy 1 PB of data from a colocation facility to an Amazon S3 bucket in the us-east-1 Region. The company now wants to copy the data to another S3 bucket in the us-west-2 Region.

Which solution will meet this requirement?

A.

Use an AWS Snowball Edge Storage Optimized device to copy the data from the colocation facility to us-west-2.

B.

Use the S3 console to copy the data from the source S3 bucket to the target S3 bucket.

C.

Use S3 Transfer Acceleration and the S3 copy-object command to copy the data from the source S3 bucket to the target S3 bucket

D.

Add an S3 Cross-Region Replication configuration to copy the data from the source S3 bucket to the target S3 bucket.

Question # 85

A company recently migrated a message processing system to AWS. The system receives messages into an ActiveMQ queue running on an Amazon EC2 instance. Messages are processed by a consumer application running on Amazon EC2. The consumer application processes the messages and writes results to a MySQL database running on Amazon EC2. The company wants this application to be highly available with low operational complexity.

Which architecture offers the HIGHEST availability?

A.

Add a second ActiveMQ server to another Availability Zone. Add an additional consumer EC2 instance in another Availability Zone. Replicate the MySQL database to another Availability Zone.

B.

Use Amazon MQ with active/standby brokers configured across two Availability Zones. Add an additional consumer EC2 instance in another Availability Zone. Replicate the MySQL database to another Availability Zone.

C.

Use Amazon MQ with active/standby brokers configured across two Availability Zones. Add an additional consumer EC2 instance in another Availability Zone. Use Amazon RDS for MySQL with Multi-AZ enabled.

D.

Use Amazon MQ with active/standby brokers configured across two Availability Zones. Add an Auto Scaling group for the consumer EC2 instances across two Availability Zones. Use Amazon RDS for MySQL with Multi-AZ enabled.

Question # 86

A company that primarily runs its application servers on premises has decided to migrate to AWS. The company wants to minimize its need to scale its Internet Small Computer Systems Interface (iSCSI) storage on premises. The company wants only its recently accessed data to remain stored locally.

Which AWS solution should the company use to meet these requirements?

A.

Amazon S3 File Gateway

B.

AWS Storage Gateway Tape Gateway

C.

AWS Storage Gateway Volume Gateway stored volumes

D.

AWS Storage Gateway Volume Gateway cached volumes

Question # 87

A company needs to keep user transaction data in an Amazon DynamoDB table.

The company must retain the data for 7 years.

What is the MOST operationally efficient solution that meets these requirements?

A.

Use DynamoDB point-in-time recovery to back up the table continuously.

B.

Use AWS Backup to create backup schedules and retention policies for the table.

C.

Create an on-demand backup of the table by using the DynamoDB console. Store the backup in an Amazon S3 bucket. Set an S3 Lifecycle configuration for the S3 bucket.

D.

Create an Amazon EventBridge (Amazon CloudWatch Events) rule to invoke an AWS Lambda function. Configure the Lambda function to back up the table and to store the backup in an Amazon S3 bucket. Set an S3 Lifecycle configuration for the S3 bucket.

Question # 88

A company has two AWS accounts in the same AWS Region. One account is a publisher account, and the other account is a subscriber account. Each account has its own Amazon S3 bucket.

An application puts media objects into the publisher account's S3 bucket. The objects are encrypted with server-side encryption with customer-provided encryption keys (SSE-C). The company needs a solution that will automatically copy the objects to the subscriber account's S3 bucket.

Which solution will meet these requirements with the LEAST operational overhead?

A.

Enable S3 Versioning on the publisher account's S3 bucket. Configure S3 Same-Region Replication of the objects to the subscriber account's S3 bucket.

B.

Create an AWS Lambda function that is invoked when objects are published in the publisher account's S3 bucket. Configure the Lambda function to copy the objects to the subscriber account's S3 bucket.

C.

Configure Amazon EventBridge (Amazon CloudWatch Events) to invoke an AWS Lambda function when objects are published in the publisher account's S3 bucket. Configure the Lambda function to copy the objects to the subscriber account's S3 bucket.

D.

Configure Amazon EventBridge (Amazon CloudWatch Events) to publish Amazon Simple Notification Service (Amazon SNS) notifications when objects are published in the publisher account's S3 bucket. When notifications are received, use the S3 console to copy the objects to the subscriber account's S3 bucket.

Question # 89

A company has an on-premises MySQL database that handles transactional data. The company is migrating the database to the AWS Cloud. The migrated database must maintain compatibility with the company's applications that use the database. The migrated database also must scale automatically during periods of increased demand.

Which migration solution will meet these requirements?

A.

Use native MySQL tools to migrate the database to Amazon RDS for MySQL. Configure elastic storage scaling.

B.

Migrate the database to Amazon Redshift by using the mysqldump utility. Turn on Auto Scaling for the Amazon Redshift cluster.

C.

Use AWS Database Migration Service (AWS DMS) to migrate the database to Amazon Aurora. Turn on Aurora Auto Scaling.

D.

Use AWS Database Migration Service (AWS DMS) to migrate the database to Amazon DynamoDB. Configure an Auto Scaling policy.

Question # 90

A company stores its application logs in an Amazon CloudWatch Logs log group. A new policy requires the company to store all application logs in Amazon OpenSearch Service (Amazon Elasticsearch Service) in near-real time.

Which solution will meet this requirement with the LEAST operational overhead?

A.

Configure a CloudWatch Logs subscription to stream the logs to Amazon OpenSearch Service (Amazon Elasticsearch Service).

B.

Create an AWS Lambda function. Use the log group to invoke the function to write the logs to Amazon OpenSearch Service (Amazon Elasticsearch Service).

C.

Create an Amazon Kinesis Data Firehose delivery stream. Configure the log group as the delivery stream's source. Configure Amazon OpenSearch Service (Amazon Elasticsearch Service) as the delivery stream's destination.

D.

Install and configure Amazon Kinesis Agent on each application server to deliver the logs to Amazon Kinesis Data Streams. Configure Kinesis Data Streams to deliver the logs to Amazon OpenSearch Service (Amazon Elasticsearch Service)

Question # 91

A company has a web-based map application that provides status information about ongoing repairs. The application sometimes has millions of users. Repair teams have a mobile app that sends current location and status in a JSON message to a REST-based endpoint.

Few repairs occur on most days. The company wants the application to be highly available and to scale when large numbers of repairs occur after natural disasters. Customers use the application most often during these times. The company does not want to pay for idle capacity.

A.

Create a webpage that is based on Amazon S3 to display information. Use Amazon API Gateway and AWS Lambda to receive the JSON status data. Store the JSON data in Amazon S3.

B.

Use Amazon EC2 instances as web servers across multiple Availability Zones. Run the EC2 instances in an Auto Scaling group. Use Amazon API Gateway and AWS Lambda to receive the JSON status data. Store the JSON data in Amazon S3.

C.

Use Amazon EC2 instances as web servers across multiple Availability Zones. Run the EC2 instances in an Auto Scaling group. Use a REST endpoint on the EC2 instances to receive the JSON status data. Store the JSON data in an Amazon RDS Multi-AZ DB instance.

D.

Use Amazon EC2 instances as web servers across multiple Availability Zones. Run the EC2 instances in an Auto Scaling group. Use a REST endpoint on the EC2 instances to receive the JSON status data. Store the JSON data in an Amazon DynamoDB table.

Question # 92

A company needs to create an Amazon Elastic Kubernetes Service (Amazon EKS) cluster to host a digital media streaming application. The EKS cluster will use a managed node group that is backed by Amazon Elastic Block Store (Amazon EBS) volumes for storage. The company must encrypt all data at rest by using a customer managed key that is stored in AWS Key Management Service (AWS KMS).

Which combination of actions will meet this requirement with the LEAST operational overhead? (Select TWO.)

A.

Use a Kubernetes plugin that uses the customer managed key to perform data encryption.

B.

After creation of the EKS cluster, locate the EBS volumes. Enable encryption by using the customer managed key.

C.

Enable EBS encryption by default in the AWS Region where the EKS cluster will be created. Select the customer managed key as the default key.

D.

Create the EKS cluster. Create an IAM role that has a policy that grants permission to the customer managed key. Associate the role with the EKS cluster.

E.

Store the customer managed key as a Kubernetes secret in the EKS cluster. Use the customer managed key to encrypt the EBS volumes.

Question # 93

A hospital recently deployed a RESTful API with Amazon API Gateway and AWS Lambda. The hospital uses API Gateway and Lambda to upload reports that are in PDF format and JPEG format. The hospital needs to modify the Lambda code to identify protected health information (PHI) in the reports.

Which solution will meet these requirements with the LEAST operational overhead?

A.

Use existing Python libraries to extract the text from the reports and to identify the PHI from the extracted text.

B.

Use Amazon Textract to extract the text from the reports. Use Amazon SageMaker to identify the PHI from the extracted text.

C.

Use Amazon Textract to extract the text from the reports. Use Amazon Comprehend Medical to identify the PHI from the extracted text.

D.

Use Amazon Rekognition to extract the text from the reports. Use Amazon Comprehend Medical to identify the PHI from the extracted text.

Question # 94

A company is experiencing sudden increases in demand. The company needs to provision large Amazon EC2 instances from an Amazon Machine Image (AMI). The instances will run in an Auto Scaling group. The company needs a solution that provides minimum initialization latency to meet the demand.

Which solution meets these requirements?

A.

Use the aws ec2 register-image command to create an AMI from a snapshot. Use AWS Step Functions to replace the AMI in the Auto Scaling group.

B.

Enable Amazon Elastic Block Store (Amazon EBS) fast snapshot restore on a snapshot. Provision an AMI by using the snapshot. Replace the AMI in the Auto Scaling group with the new AMI.

C.

Enable AMI creation and define lifecycle rules in Amazon Data Lifecycle Manager (Amazon DLM). Create an AWS Lambda function that modifies the AMI in the Auto Scaling group.

D.

Use Amazon EventBridge (Amazon CloudWatch Events) to invoke AWS Backup lifecycle policies that provision AMIs. Configure Auto Scaling group capacity limits as an event source in EventBridge (CloudWatch Events).

Question # 95

A gaming company hosts a browser-based application on AWS. The users of the application consume a large number of videos and images that are stored in Amazon S3. This content is the same for all users.

The application has increased in popularity, and millions of users worldwide are accessing these media files. The company wants to provide the files to the users while reducing the load on the origin.

Which solution meets these requirements MOST cost-effectively?

A.

Deploy an AWS Global Accelerator accelerator in front of the web servers

B.

Deploy an Amazon CloudFront web distribution in front of the S3 bucket

C.

Deploy an Amazon ElastiCache for Redis instance in front of the web servers

D.

Deploy an Amazon ElastiCache for Memcached instance in front of the web servers

Question # 96

A company is running an application in a private subnet in a VPC with an attached internet gateway. The company needs to provide the application access to the internet while restricting public access to the application. The company does not want to manage additional infrastructure and wants a solution that is highly available and scalable.

Which solution meets these requirements?

A.

Create a NAT gateway in the private subnet. Create a route table entry from the private subnet to the internet gateway.

B.

Create a NAT gateway in a public subnet. Create a route table entry from the private subnet to the NAT gateway.

C.

Launch a NAT instance in the private subnet. Create a route table entry from the private subnet to the internet gateway.

D.

Launch a NAT instance in a public subnet. Create a route table entry from the private subnet to the NAT instance.

Question # 97

A company is planning on deploying a newly built application on AWS in a default VPC. The application will consist of a web layer and database layer. The web server was created in public subnets, and the MySQL database was created in private subnet. All subnets are created with the default network ACL settings, and the default security group in the VPC will be replaced with new custom security groups.

A.

Create a database server security group with inbound and outbound rules for MySQL port 3306 traffic to and from anywhere (0.0.0.0/0).

B.

Create a database server security group with an inbound rule for MySQL port 3300 and specify the source as a web server security group.

C.

Create a web server security group with an inbound allow rule for HTTPS port 443 traffic from anywhere (0.0.0.0/0) and an inbound deny rule for IP range 182.20.0.0/16.

D.

Create a web server security group with an inbound rule for HTTPS port 443 traffic from anywhere (0.0.0.0/0). Create network ACL inbound and outbound deny rules for IP range 182.20.0.0/16.

E.

Create a web server security group with inbound and outbound rules for HTTPS port 443 traffic to and from anywhere (0.0.0.0/0). Create a network ACL inbound deny rule for IP range 182.20.0.0/16.

Question # 98

A company has chosen to rehost its application on Amazon EC2 instances. The application occasionally experiences errors that affect parts of its functionality. The company was unaware of this issue until users reported the errors. The company wants to address this problem during the migration and reduce the time it takes to detect issues with the application. Log files for the application are stored on the local disk.

A solutions architect needs to design a solution that will alert staff if there are errors in the application after the application is migrated to AWS. The solution must not require additional changes to the application code.

What is the MOST operationally efficient solution that meets these requirements?

A.

Configure the application to generate custom metrics for the errors. Send these metric data points to Amazon CloudWatch by using the PutMetricData API call. Create a CloudWatch alarm that is based on the custom metrics.

B.

Create an hourly cron job on the instances to copy the application log data to an Amazon S3 bucket. Configure an AWS Lambda function to scan the log file and publish a message to an Amazon Simple Notification Service (Amazon SNS) topic to alert staff if errors are detected.

C.

Install the Amazon CloudWatch agent on the instances. Configure the CloudWatch agent to stream the application log file to Amazon CloudWatch Logs. Run a CloudWatch Logs Insights query to search for the relevant pattern in the log file. Create a CloudWatch alarm that is based on the query output.

D.

Install the Amazon CloudWatch agent on the instances. Configure the CloudWatch agent to stream the application log file to Amazon CloudWatch Logs. Create a metric filter for the relevant log group. Define the filter pattern that is required to determine that there are errors in the application. Create a CloudWatch alarm that is based on the resulting metric.

Question # 99

An online retail company has more than 50 million active customers and receives more than 25,000 orders each day. The company collects purchase data for customers and stores this data in Amazon S3. Additional customer data is stored in Amazon RDS.

The company wants to make all the data available to various teams so that the teams can perform analytics. The solution must provide the ability to manage fine-grained permissions for the data and must minimize operational overhead.

Which solution will meet these requirements?

A.

Migrate the purchase data to write directly to Amazon RDS. Use RDS access controls to limit access.

B.

Schedule an AWS Lambda function to periodically copy data from Amazon RDS to Amazon S3. Create an AWS Glue crawler. Use Amazon Athena to query the data. Use S3 policies to limit access.

C.

Create a data lake by using AWS Lake Formation. Create an AWS Glue JDBC connection to Amazon RDS. Register the S3 bucket in Lake Formation. Use Lake Formation access controls to limit access.

D.

Create an Amazon Redshift cluster. Schedule an AWS Lambda function to periodically copy data from Amazon S3 and Amazon RDS to Amazon Redshift. Use Amazon Redshift access controls to limit access.

Question # 100

A company stores millions of objects in Amazon S3. The data is in JSON format and Apache Parquet format. The data is partitioned and new objects are added daily. A solutions architect needs to create a solution so that employees can use SQL to perform one-time queries against all the data. The solution must avoid code changes and must minimize operational overhead.

Which solution will meet these requirements?

A.

Use S3 Select to perform queries against all the S3 objects

B.

Create an AWS Glue table and an AWS Glue crawler. Schedule the crawler to run daily. Perform queries with Amazon Athena.

C.

Create an Amazon EMR cluster. Set up EMR File System (EMRFS) to access the S3 bucket. Perform queries with Apache Spark.

D.

Create an Amazon Redshift cluster. Schedule an AWS Lambda function to perform the COPY command on the Redshift cluster to load the S3 data. Perform queries on the Redshift cluster.

Question # 101

A company runs its two-tier ecommerce website on AWS. The web tier consists of a load balancer that sends traffic to Amazon EC2 instances. The database tier uses an Amazon RDS DB instance. The EC2 instances and the RDS DB instance should not be exposed to the public internet. The EC2 instances require internet access to complete payment processing of orders through a third-party web service. The application must be highly available.

Which combination of configuration options will meet these requirements? (Select TWO.)

A.

Use an Auto Scaling group to launch the EC2 instances in private subnets. Deploy an RDS Multi-AZ DB instance in private subnets.

B.

Configure a VPC with two private subnets and two NAT gateways across two Availability Zones. Deploy an Application Load Balancer in the private subnets.

C.

Use an Auto Scaling group to launch the EC2 instances in public subnets across two Availability Zones. Deploy an RDS Multi-AZ DB instance in private subnets.

D.

Configure a VPC with one public subnet, one private subnet, and two NAT gateways across two Availability Zones. Deploy an Application Load Balancer in the public subnet.

E.

Configure a VPC with two public subnets, two private subnets, and two NAT gateways across two Availability Zones. Deploy an Application Load Balancer in the public subnets.

Question # 102

A company has a web application that runs on Amazon EC2 instances. The company wants end users to authenticate themselves before they use the web application. The web application accesses AWS resources, such as Amazon S3 buckets, on behalf of users who are logged on.

Which combination of actions must a solutions architect take to meet these requirements? (Select TWO).

A.

Configure AWS App Mesh to log on users.

B.

Enable and configure AWS Single Sign-On in AWS Identity and Access Management (IAM).

C.

Define a default IAM role for authenticated users.

D.

Use AWS Identity and Access Management (IAM) for user authentication.

E.

Use Amazon Cognito for user authentication.

Question # 103

A payment processing company records all voice communication with its customers and stores the audio files in an Amazon S3 bucket. The company needs to capture the text from the audio files. The company must remove from the text any personally identifiable information (PII) that belongs to customers.

What should a solutions architect do to meet these requirements?

A.

Process the audio files by using Amazon Kinesis Video Streams. Use an AWS Lambda function to scan for known PII patterns.

B.

When an audio file is uploaded to the S3 bucket, invoke an AWS Lambda function to start an Amazon Textract task to analyze the call recordings.

C.

Configure an Amazon Transcribe transcription job with PII redaction turned on. When an audio file is uploaded to the S3 bucket, invoke an AWS Lambda function to start the transcription job. Store the output in a separate S3 bucket.

D.

Create an Amazon Connect contact flow that ingests the audio files with transcription turned on. Embed an AWS Lambda function to scan for known PII patterns. Use Amazon EventBridge (Amazon CloudWatch Events) to start the contact flow when an audio file is uploaded to the S3 bucket.
